Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/konstin/venvasion
https://github.com/konstin/venvasion
Last synced: 14 days ago
JSON representation
- Host: GitHub
- URL: https://github.com/konstin/venvasion
- Owner: konstin
- Created: 2024-11-27T13:46:00.000Z (29 days ago)
- Default Branch: main
- Last Pushed: 2024-11-27T14:10:09.000Z (29 days ago)
- Last Synced: 2024-12-07T14:06:48.668Z (19 days ago)
- Language: Shell
- Size: 3.91 KB
- Stars: 1
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# venvasion
Arbitrary code execution when activating a virtual environment after install a wheel.
This package exists to demonstrate that you should never build a virtual environment or install packages from untrusted sources: You don't even need to run a python interpreter to trigger the code execution.
Usage:
```bash
uv venv test-venv
. test-venv/bin/activate
uv pip install --no-build venvasion
. test-venv/bin/activate # oops!
```